Detection & Response Analyst

Remote Full-time Live

Job Description:

  • Provide ongoing support to the Regional Security Operations program.
  • Maintain an effective 24x7 monitoring and detection services to internal and external clients.
  • Act as the point of escalation for all security incidents; provide expert level feedback regarding current monitoring and ways to improve it.
  • Act as the shift lead; fulfil this responsibility through leadership and guidance of ID team members, proactively prioritizing, identifying, analyzing and remediating threats.
  • Ensure that the ID Analysts’ daily work activity is completed to the required quality levels and timelines, by verifying that their responsibilities are executed, in accordance with the expectations set by the ID Team Lead.
  • Triage security incidents and perform in-depth analysis using Cyber Threat Intelligence, intrusion detection systems, firewalls and other boundary protection devices.
  • Maintain an understanding of the overall threat landscape (cyber, malware, botnets, phishing, DDoS, physical).
  • Provide 24x7 coverage to support the RSOC services; participate in an on-call rotation.
  • Train and mentor team members within the Incident Detection Team.
  • Improve the effectiveness and efficiency of day-to-day operations.
  • Assist with service requests from customers and internal teams.
  • Assist with containment and remediation of threats during incidents. Use internal ticketing system to track investigated incidents and capture relevant details.
  • Support Incident Response efforts as needed, including providing counsel, working with the IR team, as well as other involved stakeholders within the organization and customers to drive forward remediation activities.
  • Conduct threat hunting activities based on internal and external threat intelligence.
  • Create and update daily and monthly reports.
  • Contribute to the creation of documentation to standardize processes and procedures, including playbooks to improve internal processes and procedures.
  • Use investigation findings to identify gaps and recommend security posture improvements.
  • Identify, recommend, coordinate, and deliver timely knowledge to support teams.
  • Other tasks and responsibilities as assigned by leadership.

Requirements:

  • Experience working with cyber security tools and software such as Sentinel, Splunk, ATP, Symantec End Point, TrendMicro Antivirus, McAfee Web Gateway, Checkpoint Firewalls, Bluecoat, Sourcefire, Active Directory, or relevant cyber security assets.
  • Excellent critical thinking, logic, and solution orientation; ability to learn and adapt quickly.
  • Ability to learn and operate in a dynamic environment.
  • Detail-oriented, with strong analytical and problem-solving skills.
  • Strong verbal and written communication skills.
  • Proficient with Microsoft Office and documentation skills (Word, Excel, PowerPoint).
  • 4+ years of experience in Security Operations monitoring.
  • Experience with Security Operations processes, procedures, and services; advanced knowledge of network monitoring and network exploitation techniques.
  • Strong technical background in security, network, infrastructure, cloud, applications.
  • Knowledge of risk assessment tools, technologies and methods.
  • Experience with common attack vectors, including advanced adversaries (nation state/financial motivation).
  • Knowledge around common web application attacks including SQL injection, cross-site scripting, invalid inputs, and forceful browsing.
  • Knowledge of how common protocols and applications work at the network level, including DNS, HTTP, and SMB.
  • Experience working with cyber security tools and software such as Splunk, ATP, Symantec End Point, TrendMicro Antivirus, McAfee Web Gateway, Checkpoint Firewalls, Bluecoat, Sourcefire, Active Directory, or relevant cyber security assets.
  • Technical certifications such as GCIA, GCFA, GCIH or CASP are a plus.
